From 19c62fc0042f8ce4380e1fafc21d355e0b83bc5a2addd9fa84448d63ff3c622a Mon Sep 17 00:00:00 2001
From: "Marc S. Weidner"
Date: Mon, 2 Jun 2025 09:22:24 +0200
Subject: [PATCH] V8.03.133.2025.06.02
Signed-off-by: Marc S. Weidner
---
 .gitea/workflows/generate-iso.yaml | 2 +
 .gitea/workflows/render-md-to-html.yaml | 176 ++++++++++++++++++++++++
 2 files changed, 178 insertions(+)
 create mode 100644 .gitea/workflows/render-md-to-html.yaml
diff --git a/.gitea/workflows/generate-iso.yaml b/.gitea/workflows/generate-iso.yaml
index b016721..389c132 100644
--- a/.gitea/workflows/generate-iso.yaml
+++ b/.gitea/workflows/generate-iso.yaml
@@ -276,6 +276,8 @@ jobs:
 export GNUPGHOME="$(pwd)/.gnupg"
 git fetch origin master
 git rebase origin/master
+ git status
+ git log --oneline -n 5
 - name: Stage generated files.
 shell: bash
diff --git a/.gitea/workflows/render-md-to-html.yaml b/.gitea/workflows/render-md-to-html.yaml
new file mode 100644
index 0000000..aa5ef46
--- /dev/null
+++ b/.gitea/workflows/render-md-to-html.yaml
@@ -0,0 +1,176 @@
+# SPDX-Version: 3.0
+# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.;
+# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
+# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
+# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.;
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
+# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
+# SPDX-PackageName: CISS.debian.live.builder
+# SPDX-Security-Contact: security@coresecret.eu
+
+### Version Master V8.03.127.2025.06.02
+
+name: Render README.md to README.html
+
+permissions:
+ contents: write
+
+on:
+ push:
+ branches:
+ - master
+ paths:
+ - "**/*.md"
+ - '.gitea/linkfix.lua'
+
+jobs:
+ render-md-to-html:
+ name: Render README.md to README.html
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
+ shell: bash
+ run: |
+ rm -rf ~/.ssh && mkdir -m700 ~/.ssh
+
+ ### Private Key
+ echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
+
+ ### Scan git.coresecret.dev to fill ~/.ssh/known_hosts
+ ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts
+ chmod 600 ~/.ssh/known_hosts
+
+ ### Generate SSH Config for git.coresecret.dev Custom-Port
+ cat <| ~/.ssh/config
+ Host git.coresecret.dev
+ HostName git.coresecret.dev
+ Port 42842
+ IdentityFile ~/.ssh/id_ed25519
+ StrictHostKeyChecking yes
+ UserKnownHostsFile ~/.ssh/known_hosts
+ EOF
+ chmod 600 ~/.ssh/config
+
+ ### https://github.com/actions/checkout/issues/1843
+ - name: Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
+ shell: bash
+ env:
+ ### GITHUB_REF_NAME contains the branch name from the push event.
+ GITHUB_REF_NAME: ${{ github.ref_name }}
+ run: |
+ git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
+ git fetch --unshallow || echo "Nothing to fetch - already full clone."
+
+ - name: Cleaning the workspace.
+ shell: bash
+ run: |
+ git reset --hard
+ git clean -fd
+
+ - name: Importing the 'CI PGP DEPLOY ONLY' key.
+ shell: bash
+ run: |
+ ### GPG-Home relative to the Runner Workspace to avoid changing global files.
+ export GNUPGHOME="$(pwd)/.gnupg"
+ mkdir -m 700 "${GNUPGHOME}"
+ echo "${{ secrets.PGP_MSW_DEPLOY_CORESECRET_DEV }}" >| ci-bot.sec.asc
+ gpg --batch --import ci-bot.sec.asc
+ ### Trust the key automatically
+ KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}')
+ echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
+
+ - name: Configuring Git for signed CI/DEPLOY commits.
+ shell: bash
+ run: |
+ export GNUPGHOME="$(pwd)/.gnupg"
+ git config user.name "Marc S. Weidner BOT"
+ git config user.email "msw+bot@coresecret.dev"
+ git config commit.gpgsign true
+ git config gpg.program gpg
+ git config gpg.format openpgp
+
+ - name: Convert APT sources to HTTPS.
+ shell: bash
+ run: |
+ sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list
+ sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list.d/*.list || true
+
+ - name: Install Pandoc & dependencies.
+ shell: bash
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y pandoc
+
+ - name: Ensure .html/ directory exists.
+ shell: bash
+ run:
+ mkdir -p .html
+
+ - name: Render *.md to full standalone HTML.
+ shell: bash
+ run: |
+ find . \( -path "*/.*" -prune \) -o -type f -name "*.md" -print | while read file; do
+ out=$(basename "${file%.md}.html")
+ pandoc -s "${file}" \
+ --metadata title="${file}" \
+ --metadata lang=en \
+ -f gfm+footnotes \
+ -t html5 \
+ --no-highlight \
+ --strip-comments \
+ --wrap=none \
+ --lua-filter=.gitea/linkfix.lua \
+ -o .html/"${out}"
+ done
+
+ - name: Extract HTML fragment for Gitea for *.md.
+ shell: bash
+ run: |
+ find . 
\( -path "*/.*" -prune \) -o -type f -name "*.md" -print | while read file; do
+ out="${file%.md}.html"
+ pandoc "${file}" \
+ -f gfm+footnotes \
+ -t html5 \
+ --no-highlight \
+ --strip-comments \
+ --wrap=none \
+ --lua-filter=.gitea/linkfix.lua \
+ -o "${out}"
+ done
+
+ - name: Sync with remote before commit to avoid Job Race Conditions.
+ shell: bash
+ env:
+ GIT_SSH_COMMAND: "ssh -p 42842"
+ run: |
+ export GNUPGHOME="$(pwd)/.gnupg"
+ git fetch origin master
+ git rebase origin/master
+ git status
+ git log --oneline -n 5
+
+ - name: Stage generated files.
+ shell: bash
+ env:
+ GIT_SSH_COMMAND: "ssh -p 42842"
+ run: |
+ git add '*.html'
+
+ - name: Commit and Sign changes.
+ shell: bash
+ env:
+ GIT_SSH_COMMAND: "ssh -p 42842"
+ run: |
+ export GNUPGHOME="$(pwd)/.gnupg"
+ git commit -S -m "DEPLOY BOT: Auto-Generate *.html from *.md [skip ci]" || echo "No Changes, nothing to Sign or to Commit."
+
+ - name: Push back to Repository.
+ shell: bash
+ env:
+ GIT_SSH_COMMAND: "ssh -p 42842"
+ run: |
+ git push origin HEAD:${GITHUB_REF_NAME}
+# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
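Review bot: `StrictHostKeyChecking yes` in the generated `~/.ssh/config` gives no real protection, because `~/.ssh/known_hosts` is overwritten on every run with whatever `ssh-keyscan -p 42842 git.coresecret.dev` returns, so the clone, the rebase fetch and the push of signed commits all trust whichever host answers the scan (trust-on-first-use repeated each run, defeated by DNS or on-path tampering). Pin the server's public host key instead, e.g. `echo "${{ vars.GIT_CORESECRET_DEV_HOSTKEY }}" >| ~/.ssh/known_hosts` holding a `[git.coresecret.dev]:42842 ssh-ed25519 AAAA…` line (use a secret if this Gitea version has no `vars` context), or at least compare the scanned key's `ssh-keygen -lf` fingerprint against a pinned value before accepting it. In the key-import step the PGP private key is written to `ci-bot.sec.asc` inside the repository working tree and never removed; add `shred -u ci-bot.sec.asc` right after `gpg --batch --import ci-bot.sec.asc` (the `KEY_ID` computed there is also never used). Both secrets are expanded with `${{ secrets.… }}` directly inside `run:` scripts; passing them through `env:` and referencing `"${SSH_DEPLOY_KEY}"` keeps the secret value out of the interpolated shell text.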